testing dyndns_update - sssd-devel - Fedora Mailing-Lists

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

testing dyndns_update

[PATCH] Add missing \n to debug...

Re: [SSSD] SSSD with SSH and PAM...

steve

Wednesday, 8 May 2013 Wed, 8 May '13

3:46 p.m.

Hi We have 1.10.0beta1 on lubuntu 13.04 We have added dyndns_update=true dyndns_refresh_interval=1 to sssd.conf We expect to see an update request after 1 minute, but nothing happens. Are we correct to expect this behaviour? Cheers, Steve

Reply

Show replies by date

Lukas Slebodnik

Wednesday, 8 May Wed, 8 May

4:53 p.m.

On (08/05/13 22:46), steve wrote:

Hi We have 1.10.0beta1 on lubuntu 13.04 We have added dyndns_update=true dyndns_refresh_interval=1 to sssd.conf We expect to see an update request after 1 minute, but nothing happens. Are we correct to expect this behaviour? Cheers, Steve

From manual page "sssd-ad"

dyndns_refresh_interval (integer) How often should the back end perform periodic DNS update in addition to the automatic update performed when the back end goes online. This option is optional and applicable only when dyndns_update is true. Default: 86400 (24 hours) It is not explicitelly written, but you could noticed, that default value is in seconds. (86400 seconds == 24 hours) LS

Reply

steve

Thursday, 9 May Thu, 9 May

1:34 a.m.

On 08/05/13 23:53, Lukas Slebodnik wrote:

On (08/05/13 22:46), steve wrote: > Hi > We have 1.10.0beta1 on lubuntu 13.04 > > We have added > dyndns_update=true > dyndns_refresh=1 > to sssd.conf > > We expect to see an update request after 1 minute, but nothing > happens. Are we correct to expect this behaviour? > > Cheers, > Steve From manual page "sssd-ad" dyndns_refresh_interval (integer) How often should the back end perform periodic DNS update in addition to the automatic update performed when the back end goes online. This option is optional and applicable only when dyndns_update is true. Default: 86400 (24 hours) It is not explicitelly written, but you could noticed, that default value is in seconds. (86400 seconds == 24 hours)

Hi. Thanks. I changed it to: dyndns_update=true dyndns_refresh=60 No DNS request is made. We have a Samba4 dc which accepts dns requests from the windows clients so it seems to be working. I have set the log level to 6 but nothing gets logged. I'm looking in: /usr/local/var/log/sssd, /var/log/sssd It's starting OK and getent and user logins work fine, just not the dns update requests. sudo sssd -i -d3 (Thu May 9 08:25:32 2013) [sssd[be[default]]] [sssm_simple_access_init] (0x0040): No rules supplied for simple access provider. Access will be granted for all users. (Thu May 9 08:25:32 2013) [sssd[be[default]]] [be_process_init] (0x0080): No SUDO module provided for [default] !! (Thu May 9 08:25:32 2013) [sssd[be[default]]] [be_process_init] (0x0020): No selinux module provided for [default] !! (Thu May 9 08:25:32 2013) [sssd[be[default]]] [be_process_init] (0x0020): No host info module provided for [default] !! (Thu May 9 08:25:32 2013) [sssd[be[default]]] [be_process_init] (0x0020): Subdomains are not supported for [default] !! Here is our sssd.conf. What are we missing to be able to trigger the dns update requests? [sssd] debug_level = 6 services = nss, pam config_file_version = 2 domains = default [nss] [pam] [domain/default] debug_level=6 dyndns_update=true dyndns_refresh_interval=60 ldap_schema = rfc2307bis access_provider = simple enumerate = FALSE cache_credentials = true #entry_cache_timeout = 60 id_provider = ldap auth_provider = krb5 chpass_provider = krb5 krb5_realm = HH3.SITE krb5_server = hh16.hh3.site krb5_kpasswd = hh16.hh3.site ldap_referrals = False ldap_uri = ldap://hh16.hh3.site ldap_search_base = dc=hh3,dc=site #ldap_tls_cacertdir = /usr/local/samba/private/tls #ldap_id_use_start_tls = true #entry_negative_timeout = 1 ldap_user_object_class = user ldap_user_name = samAccountName ldap_user_uid_number = uidNumber ldap_user_gid_number = gidNumber ldap_user_home_directory = unixHomeDirectory ldap_user_shell = loginShell ldap_group_object_class = group ldap_group_search_base = dc=hh3,dc=site ldap_group_name = cn ldap_group_member = member #ldap_default_bind_dn = cn=steve2,cn=Users,dc=dolores,dc=site #ldap_default_authtok_type = password #ldap_default_authtok = s2 ldap_sasl_mech = gssapi ldap_sasl_authid = PINOSO$(a)HH3.SITE ldap_krb5_keytab = /etc/krb5.keytab ldap_krb5_init_creds = true

Reply

Jakub Hrozek

4:26 a.m.

On Thu, May 09, 2013 at 08:34:50AM +0200, steve wrote:

On 08/05/13 23:53, Lukas Slebodnik wrote: >On (08/05/13 22:46), steve wrote: >>Hi >>We have 1.10.0beta1 on lubuntu 13.04 >> >>We have added >>dyndns_update=true >>dyndns_refresh=1 >>to sssd.conf >> >>We expect to see an update request after 1 minute, but nothing >>happens. Are we correct to expect this behaviour? >> >>Cheers, >>Steve > > From manual page "sssd-ad" > > dyndns_refresh_interval (integer) > How often should the back end perform periodic DNS update in > addition to the automatic update performed when the back end > goes online. This option is optional and applicable only > when dyndns_update is true. > > Default: 86400 (24 hours) > >It is not explicitelly written, but you could noticed, >that default value is in seconds. (86400 seconds == 24 hours) > Hi. Thanks. I changed it to: dyndns_update=true dyndns_refresh=60 No DNS request is made. We have a Samba4 dc which accepts dns requests from the windows clients so it seems to be working. I have set the log level to 6 but nothing gets logged. I'm looking in: /usr/local/var/log/sssd, /var/log/sssd It's starting OK and getent and user logins work fine, just not the dns update requests. sudo sssd -i -d3 (Thu May 9 08:25:32 2013) [sssd[be[default]]] [sssm_simple_access_init] (0x0040): No rules supplied for simple access provider. Access will be granted for all users. (Thu May 9 08:25:32 2013) [sssd[be[default]]] [be_process_init] (0x0080): No SUDO module provided for [default] !! (Thu May 9 08:25:32 2013) [sssd[be[default]]] [be_process_init] (0x0020): No selinux module provided for [default] !! (Thu May 9 08:25:32 2013) [sssd[be[default]]] [be_process_init] (0x0020): No host info module provided for [default] !! (Thu May 9 08:25:32 2013) [sssd[be[default]]] [be_process_init] (0x0020): Subdomains are not supported for [default] !! Here is our sssd.conf. What are we missing to be able to trigger the dns update requests? [sssd] debug_level = 6 services = nss, pam config_file_version = 2 domains = default [nss] [pam] [domain/default] debug_level=6 dyndns_update=true dyndns_refresh_interval=60 ldap_schema = rfc2307bis access_provider = simple enumerate = FALSE cache_credentials = true #entry_cache_timeout = 60 id_provider = ldap

^^^^ Currently the dyndns updates are only supported with id_provider=ad or id_provider=ipa Since you're using the POSIX attributes, you'd want to configure a domain similar to: id_provider = ad ad_server = hh16.hh3.site ad_domain = HH3.SITE ldap_id_mapping = False

auth_provider = krb5 chpass_provider = krb5 krb5_realm = HH3.SITE krb5_server = hh16.hh3.site krb5_kpasswd = hh16.hh3.site ldap_referrals = False ldap_uri = ldap://hh16.hh3.site ldap_search_base = dc=hh3,dc=site #ldap_tls_cacertdir = /usr/local/samba/private/tls #ldap_id_use_start_tls = true #entry_negative_timeout = 1 ldap_user_object_class = user ldap_user_name = samAccountName ldap_user_uid_number = uidNumber ldap_user_gid_number = gidNumber ldap_user_home_directory = unixHomeDirectory ldap_user_shell = loginShell ldap_group_object_class = group ldap_group_search_base = dc=hh3,dc=site ldap_group_name = cn ldap_group_member = member #ldap_default_bind_dn = cn=steve2,cn=Users,dc=dolores,dc=site #ldap_default_authtok_type = password #ldap_default_authtok = s2 ldap_sasl_mech = gssapi ldap_sasl_authid = PINOSO$(a)HH3.SITE ldap_krb5_keytab = /etc/krb5.keytab ldap_krb5_init_creds = true _______________________________________________ sssd-devel mailing list sssd-devel(a)lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/sssd-devel

Reply

steve

5 a.m.

On 09/05/13 11:26, Jakub Hrozek wrote:

On Thu, May 09, 2013 at 08:34:50AM +0200, steve wrote: > On 08/05/13 23:53, Lukas Slebodnik wrote: >> On (08/05/13 22:46), steve wrote: >>> Hi >>> We have 1.10.0beta1 on lubuntu 13.04 >>> >>> We have added >>> dyndns_update=true >>> dyndns_refresh=1 >>> to sssd.conf >>> >>> We expect to see an update request after 1 minute, but nothing >>> happens. Are we correct to expect this behaviour? >>> >>> Cheers, >>> Steve >> >> From manual page "sssd-ad" >> >> dyndns_refresh_interval (integer) >> How often should the back end perform periodic DNS update in >> addition to the automatic update performed when the back end >> goes online. This option is optional and applicable only >> when dyndns_update is true. >> >> Default: 86400 (24 hours) >> >> It is not explicitelly written, but you could noticed, >> that default value is in seconds. (86400 seconds == 24 hours) >> > Hi. Thanks. I changed it to: > dyndns_update=true > dyndns_refresh=60 > > No DNS request is made. We have a Samba4 dc which accepts dns > requests from the windows clients so it seems to be working. I have > set the log level to 6 but nothing gets logged. I'm looking in: > /usr/local/var/log/sssd, /var/log/sssd > > It's starting OK and getent and user logins work fine, just not the > dns update requests. > sudo sssd -i -d3 > (Thu May 9 08:25:32 2013) [sssd[be[default]]] > [sssm_simple_access_init] (0x0040): No rules supplied for simple > access provider. Access will be granted for all users. > (Thu May 9 08:25:32 2013) [sssd[be[default]]] [be_process_init] > (0x0080): No SUDO module provided for [default] !! > (Thu May 9 08:25:32 2013) [sssd[be[default]]] [be_process_init] > (0x0020): No selinux module provided for [default] !! > (Thu May 9 08:25:32 2013) [sssd[be[default]]] [be_process_init] > (0x0020): No host info module provided for [default] !! > (Thu May 9 08:25:32 2013) [sssd[be[default]]] [be_process_init] > (0x0020): Subdomains are not supported for [default] !! > > Here is our sssd.conf. What are we missing to be able to trigger the > dns update requests? > [sssd] > debug_level = 6 > services = nss, pam > config_file_version = 2 > domains = default > > [nss] > > [pam] > > [domain/default] > debug_level=6 > dyndns_update=true > dyndns_refresh_interval=60 > ldap_schema = rfc2307bis > access_provider = simple > enumerate = FALSE > cache_credentials = true > #entry_cache_timeout = 60 > id_provider = ldap ^^^^ Currently the dyndns updates are only supported with id_provider=ad or id_provider=ipa Since you're using the POSIX attributes, you'd want to configure a domain similar to: id_provider = ad ad_server = hh16.hh3.site ad_domain = HH3.SITE ldap_id_mapping = False

Hi OK. Changed that but then sssd crashes after the first DNS update and no update is performed: sudo sssd -i -d3 (Thu May 9 11:55:25 2013) [sssd[be[default]]] [sssm_simple_access_init] (0x0040): No rules supplied for simple access provider. Access will be granted for all users. (Thu May 9 11:55:25 2013) [sssd[be[default]]] [be_process_init] (0x0080): No SUDO module provided for [default] !! (Thu May 9 11:55:25 2013) [sssd[be[default]]] [be_process_init] (0x0080): No autofs module provided for [default] !! (Thu May 9 11:55:25 2013) [sssd[be[default]]] [be_process_init] (0x0020): No selinux module provided for [default] !! (Thu May 9 11:55:25 2013) [sssd[be[default]]] [be_process_init] (0x0020): No host info module provided for [default] !! (Thu May 9 11:55:25 2013) [sssd[be[default]]] [be_process_init] (0x0020): Subdomains are not supported for [default] !! (Thu May 9 11:55:41 2013) [sssd[be[default]]] [be_run_online_cb] (0x0080): Going online. Running callbacks. (Thu May 9 11:55:41 2013) [sssd[be[default]]] [ad_dyndns_nsupdate_done] (0x0040): DNS update finished (Thu May 9 11:55:43 2013) [sssd[be[default]]] [resolv_gethostbyname_done] (0x0040): querying hosts database failed [5]: Error de entrada/salida (Thu May 9 11:55:43 2013) [sssd[be[default]]] [nsupdate_get_addrs_done] (0x0040): Could not resolve address for this machine, error [5]: Error de entrada/salida, resolver returned: [11]: Could not contact DNS servers (Thu May 9 11:55:43 2013) [sssd[be[default]]] [nsupdate_get_addrs_done] (0x0040): (Thu May 9 11:55:44 2013) [sssd] [sbus_dispatch] (0x0080): Connection is not open for dispatching. (Thu May 9 11:55:44 2013) [sssd[nss]] [sbus_dispatch] (0x0020): Performing auto-reconnect (Thu May 9 11:55:44 2013) [sssd[pam]] [sbus_dispatch] (0x0020): Performing auto-reconnect (Thu May 9 11:55:44 2013) [sssd] [mt_svc_exit_handler] (0x0040): Child [default] terminated with signal [11] (Thu May 9 11:55:44 2013) [sssd[be[default]]] [sssm_simple_access_init] (0x0040): No rules supplied for simple access provider. Access will be granted for all users. (Thu May 9 11:55:44 2013) [sssd[be[default]]] [be_process_init] (0x0080): No SUDO module provided for [default] !! (Thu May 9 11:55:44 2013) [sssd[be[default]]] [be_process_init] (0x0080): No autofs module provided for [default] !! (Thu May 9 11:55:44 2013) [sssd[be[default]]] [be_process_init] (0x0020): No selinux module provided for [default] !! (Thu May 9 11:55:44 2013) [sssd[be[default]]] [be_process_init] (0x0020): No host info module provided for [default] !! (Thu May 9 11:55:44 2013) [sssd[be[default]]] [be_process_init] (0x0020): Subdomains are not supported for [default] !! (Thu May 9 11:55:45 2013) [sssd[nss]] [sbus_reconnect] (0x0080): Making reconnection attempt 1 to [unix:path=/usr/local/var/lib/sss/pipes/private/sbus-dp_default] (Thu May 9 11:55:45 2013) [sssd[nss]] [sbus_reconnect] (0x0080): Reconnected to [unix:path=/usr/local/var/lib/sss/pipes/private/sbus-dp_default] (Thu May 9 11:55:45 2013) [sssd[nss]] [nss_dp_reconnect_init] (0x0020): Reconnected to the Data Provider. (Thu May 9 11:55:45 2013) [sssd[pam]] [sbus_reconnect] (0x0080): Making reconnection attempt 1 to [unix:path=/usr/local/var/lib/sss/pipes/private/sbus-dp_default] (Thu May 9 11:55:45 2013) [sssd[pam]] [sbus_reconnect] (0x0080): Reconnected to [unix:path=/usr/local/var/lib/sss/pipes/private/sbus-dp_default] (Thu May 9 11:55:45 2013) [sssd[pam]] [pam_dp_reconnect_init] (0x0020): Reconnected to the Data Provider. (Thu May 9 11:56:00 2013) [sssd[be[default]]] [be_run_online_cb] (0x0080): Going online. Running callbacks. (Thu May 9 11:56:00 2013) [sssd[be[default]]] [ad_dyndns_nsupdate_done] (0x0040): DNS update finished (Thu May 9 11:56:02 2013) [sssd[be[default]]] [resolv_gethostbyname_done] (0x0040): querying hosts database failed [5]: Error de entrada/salida (Thu May 9 11:56:02 2013) [sssd[be[default]]] [nsupdate_get_addrs_done] (0x0040): Could not resolve address for this machine, error [5]: Error de entrada/salida, resolver returned: [11]: Could not contact DNS servers (Thu May 9 11:56:02 2013) [sssd[be[default]]] [nsupdate_get_addrs_done] (0x0040): (Thu May 9 11:56:03 2013) [sssd] [sbus_dispatch] (0x0080): Connection is not open for dispatching. (Thu May 9 11:56:03 2013) [sssd[nss]] [sbus_dispatch] (0x0020): Performing auto-reconnect (Thu May 9 11:56:03 2013) [sssd[pam]] [sbus_dispatch] (0x0020): Performing auto-reconnect (Thu May 9 11:56:03 2013) [sssd] [mt_svc_exit_handler] (0x0040): Child [default] terminated with signal [11] (Thu May 9 11:56:04 2013) [sssd] [tasks_check_handler] (0x0020): Child (default) not responding! (yet) (Thu May 9 11:56:04 2013) [sssd[nss]] [sbus_reconnect] (0x0080): Making reconnection attempt 1 to [unix:path=/usr/local/var/lib/sss/pipes/private/sbus-dp_default] (Thu May 9 11:56:04 2013) [sssd[nss]] [sbus_reconnect] (0x0020): Failed to open connection: name=org.freedesktop.DBus.Error.NoServer, message=Failed to connect to socket /usr/local/var/lib/sss/pipes/private/sbus-dp_default: Conexión rehusada (Thu May 9 11:56:04 2013) [sssd[pam]] [sbus_reconnect] (0x0080): Making reconnection attempt 1 to [unix:path=/usr/local/var/lib/sss/pipes/private/sbus-dp_default] (Thu May 9 11:56:04 2013) [sssd[pam]] [sbus_reconnect] (0x0020): Failed to open connection: name=org.freedesktop.DBus.Error.NoServer, message=Failed to connect to socket /usr/local/var/lib/sss/pipes/private/sbus-dp_default: Conexión rehusada (Thu May 9 11:56:05 2013) [sssd[be[default]]] [sssm_simple_access_init] (0x0040): No rules supplied for simple access provider. Access will be granted for all users. (Thu May 9 11:56:05 2013) [sssd[be[default]]] [be_process_init] (0x0080): No SUDO module provided for [default] !! (Thu May 9 11:56:05 2013) [sssd[be[default]]] [be_process_init] (0x0080): No autofs module provided for [default] !! (Thu May 9 11:56:05 2013) [sssd[be[default]]] [be_process_init] (0x0020): No selinux module provided for [default] !! (Thu May 9 11:56:05 2013) [sssd[be[default]]] [be_process_init] (0x0020): No host info module provided for [default] !! (Thu May 9 11:56:05 2013) [sssd[be[default]]] [be_process_init] (0x0020): Subdomains are not supported for [default] !! (Thu May 9 11:56:07 2013) [sssd[nss]] [sbus_reconnect] (0x0080): Making reconnection attempt 2 to [unix:path=/usr/local/var/lib/sss/pipes/private/sbus-dp_default] (Thu May 9 11:56:07 2013) [sssd[nss]] [sbus_reconnect] (0x0080): Reconnected to [unix:path=/usr/local/var/lib/sss/pipes/private/sbus-dp_default] (Thu May 9 11:56:07 2013) [sssd[nss]] [nss_dp_reconnect_init] (0x0020): Reconnected to the Data Provider. (Thu May 9 11:56:07 2013) [sssd[pam]] [sbus_reconnect] (0x0080): Making reconnection attempt 2 to [unix:path=/usr/local/var/lib/sss/pipes/private/sbus-dp_default] (Thu May 9 11:56:07 2013) [sssd[pam]] [sbus_reconnect] (0x0080): Reconnected to [unix:path=/usr/local/var/lib/sss/pipes/private/sbus-dp_default] (Thu May 9 11:56:07 2013) [sssd[pam]] [pam_dp_reconnect_init] (0x0020): Reconnected to the Data Provider. (Thu May 9 11:56:21 2013) [sssd[be[default]]] [be_run_online_cb] (0x0080): Going online. Running callbacks. (Thu May 9 11:56:21 2013) [sssd[be[default]]] [ad_dyndns_nsupdate_done] (0x0040): DNS update finished (Thu May 9 11:56:23 2013) [sssd[be[default]]] [resolv_gethostbyname_done] (0x0040): querying hosts database failed [5]: Error de entrada/salida (Thu May 9 11:56:23 2013) [sssd[be[default]]] [nsupdate_get_addrs_done] (0x0040): Could not resolve address for this machine, error [5]: Error de entrada/salida, resolver returned: [11]: Could not contact DNS servers (Thu May 9 11:56:23 2013) [sssd[be[default]]] [nsupdate_get_addrs_done] (0x0040): (Thu May 9 11:56:24 2013) [sssd] [sbus_dispatch] (0x0080): Connection is not open for dispatching. (Thu May 9 11:56:24 2013) [sssd[nss]] [sbus_dispatch] (0x0020): Performing auto-reconnect (Thu May 9 11:56:24 2013) [sssd[pam]] [sbus_dispatch] (0x0020): Performing auto-reconnect (Thu May 9 11:56:24 2013) [sssd] [mt_svc_exit_handler] (0x0040): Child [default] terminated with signal [11] (Thu May 9 11:56:25 2013) [sssd] [tasks_check_handler] (0x0020): Child (default) not responding! (yet) (Thu May 9 11:56:25 2013) [sssd[nss]] [sbus_reconnect] (0x0080): Making reconnection attempt 1 to [unix:path=/usr/local/var/lib/sss/pipes/private/sbus-dp_default] (Thu May 9 11:56:25 2013) [sssd[nss]] [sbus_reconnect] (0x0020): Failed to open connection: name=org.freedesktop.DBus.Error.NoServer, message=Failed to connect to socket /usr/local/var/lib/sss/pipes/private/sbus-dp_default: Conexión rehusada (Thu May 9 11:56:25 2013) [sssd[pam]] [sbus_reconnect] (0x0080): Making reconnection attempt 1 to [unix:path=/usr/local/var/lib/sss/pipes/private/sbus-dp_default] (Thu May 9 11:56:25 2013) [sssd[pam]] [sbus_reconnect] (0x0020): Failed to open connection: name=org.freedesktop.DBus.Error.NoServer, message=Failed to connect to socket /usr/local/var/lib/sss/pipes/private/sbus-dp_default: Conexión rehusada (Thu May 9 11:56:28 2013) [sssd[nss]] [sbus_reconnect] (0x0080): Making reconnection attempt 2 to [unix:path=/usr/local/var/lib/sss/pipes/private/sbus-dp_default] (Thu May 9 11:56:28 2013) [sssd[nss]] [sbus_reconnect] (0x0020): Failed to open connection: name=org.freedesktop.DBus.Error.NoServer, message=Failed to connect to socket /usr/local/var/lib/sss/pipes/private/sbus-dp_default: Conexión rehusada (Thu May 9 11:56:28 2013) [sssd[pam]] [sbus_reconnect] (0x0080): Making reconnection attempt 2 to [unix:path=/usr/local/var/lib/sss/pipes/private/sbus-dp_default] (Thu May 9 11:56:28 2013) [sssd[pam]] [sbus_reconnect] (0x0020): Failed to open connection: name=org.freedesktop.DBus.Error.NoServer, message=Failed to connect to socket /usr/local/var/lib/sss/pipes/private/sbus-dp_default: Conexión rehusada (Thu May 9 11:56:28 2013) [sssd[be[default]]] [sssm_simple_access_init] (0x0040): No rules supplied for simple access provider. Access will be granted for all users. (Thu May 9 11:56:28 2013) [sssd[be[default]]] [be_process_init] (0x0080): No SUDO module provided for [default] !! (Thu May 9 11:56:28 2013) [sssd[be[default]]] [be_process_init] (0x0080): No autofs module provided for [default] !! (Thu May 9 11:56:28 2013) [sssd[be[default]]] [be_process_init] (0x0020): No selinux module provided for [default] !! (Thu May 9 11:56:28 2013) [sssd[be[default]]] [be_process_init] (0x0020): No host info module provided for [default] !! (Thu May 9 11:56:28 2013) [sssd[be[default]]] [be_process_init] (0x0020): Subdomains are not supported for [default] !! (Thu May 9 11:56:38 2013) [sssd[nss]] [sbus_reconnect] (0x0080): Making reconnection attempt 3 to [unix:path=/usr/local/var/lib/sss/pipes/private/sbus-dp_default] (Thu May 9 11:56:38 2013) [sssd[nss]] [sbus_reconnect] (0x0080): Reconnected to [unix:path=/usr/local/var/lib/sss/pipes/private/sbus-dp_default] (Thu May 9 11:56:38 2013) [sssd[nss]] [nss_dp_reconnect_init] (0x0020): Reconnected to the Data Provider. (Thu May 9 11:56:38 2013) [sssd[pam]] [sbus_reconnect] (0x0080): Making reconnection attempt 3 to [unix:path=/usr/local/var/lib/sss/pipes/private/sbus-dp_default] (Thu May 9 11:56:38 2013) [sssd[pam]] [sbus_reconnect] (0x0080): Reconnected to [unix:path=/usr/local/var/lib/sss/pipes/private/sbus-dp_default] (Thu May 9 11:56:38 2013) [sssd[pam]] [pam_dp_reconnect_init] (0x0020): Reconnected to the Data Provider. (Thu May 9 11:56:44 2013) [sssd[be[default]]] [be_run_online_cb] (0x0080): Going online. Running callbacks. (Thu May 9 11:56:44 2013) [sssd[be[default]]] [ad_dyndns_nsupdate_done] (0x0040): DNS update finished (Thu May 9 11:56:47 2013) [sssd[be[default]]] [resolv_gethostbyname_done] (0x0040): querying hosts database failed [5]: Error de entrada/salida (Thu May 9 11:56:47 2013) [sssd[be[default]]] [nsupdate_get_addrs_done] (0x0040): Could not resolve address for this machine, error [5]: Error de entrada/salida, resolver returned: [11]: Could not contact DNS servers (Thu May 9 11:56:47 2013) [sssd[be[default]]] [nsupdate_get_addrs_done] (0x0040): (Thu May 9 11:56:47 2013) [sssd] [sbus_dispatch] (0x0080): Connection is not open for dispatching. (Thu May 9 11:56:47 2013) [sssd[nss]] [sbus_dispatch] (0x0020): Performing auto-reconnect (Thu May 9 11:56:47 2013) [sssd[pam]] [sbus_dispatch] (0x0020): Performing auto-reconnect (Thu May 9 11:56:47 2013) [sssd] [mt_svc_exit_handler] (0x0040): Child [default] terminated with signal [11] (Thu May 9 11:56:47 2013) [sssd] [mt_svc_exit_handler] (0x0010): Process [default], definitely stopped! (Thu May 9 11:56:47 2013) [sssd] [monitor_quit] (0x0040): Returned with: 1 (Thu May 9 11:56:47 2013) [sssd] [monitor_quit] (0x0020): Terminating [pam][1997] (Thu May 9 11:56:47 2013) [sssd] [monitor_quit] (0x0020): Child [pam] exited gracefully (Thu May 9 11:56:47 2013) [sssd] [monitor_quit] (0x0020): Terminating [nss][1996] (Thu May 9 11:56:47 2013) [sssd] [monitor_quit] (0x0020): Child [nss] exited gracefully steve@pinoso:~$ The DC (Samba4) communicates with the client OK, users can still login but under the old DNS: ldb_wrap open of secrets.ldb Kerberosg ldb_wrap open of secrets.ldb Kerberos: AS-REQ PINOSO$(a)HH3.SITE from ipv4:192.168.1.100:56874 for krbtgt/HH3.SITE(a)HH3.SITE Kerberos: Client sent patypes: 149 Kerberos: Looking for PKINIT pa-data -- PINOSO$(a)HH3.SITE Kerberos: Looking for ENC-TS pa-data -- PINOSO$(a)HH3.SITEg ldb_wrap open of secrets.ldb Kerberos: AS-REQ PINOSO$(a)HH3.SITE from ipv4:192.168.1.100:56874 for krbtgt/HH3.SITE(a)HH3.SITE Kerberos: Client sent patypes: 149 Kerberos: Looking for PKINIT pa-data -- PINOSO$(a)HH3.SITE Kerberos: Looking for ENC-TS pa-data -- PINOSO$(a)HH3.SITE Kerberos: No preauth found, returning PREAUTH-REQUIRED -- PINOSO$(a)HH3.SITE Kerberos: AS-REQ PINOSO$(a)HH3.SITE from ipv4:192.168.1.100:58454 for krbtgt/HH3.SITE(a)HH3.SITE Kerberos: Client sent patypes: encrypted-timestamp, 149 Kerberos: Looking for PKINIT pa-data -- PINOSO$(a)HH3.SITE Kerberos: Looking for ENC-TS pa-data -- PINOSO$(a)HH3.SITE Kerberos: ENC-TS Pre-authentication succeeded -- PINOSO$(a)HH3.SITE using arcfour-hmac-md5 Kerberos: No preauth found, returning PREAUTH-REQUIRED -- PINOSO$(a)HH3.SITE Kerberos: AS-REQ PINOSO$(a)HH3.SITE from ipv4:192.168.1.100:58454 for krbtgt/HH3.SITE(a)HH3.SITE Kerberos: Client sent patypes: encrypted-timestamp, 149 Kerberos: Looking for PKINIT pa-data -- PINOSO$(a)HH3.SITE Kerberos: Looking for ENC-TS pa-data -- PINOSO$(a)HH3.SITE Kerberos: ENC-TS Pre-authentication succeeded -- PINOSO$(a)HH3.SITE using arcfour-hmac-md5 : AS-REQ PINOSO$(a)HH3.SITE from ipv4:192.168.1.100:56874 for krbtgt/HH3.SITE(a)HH3.SITE Kerberos: Client sent patypes: 149 Kerberos: Looking for PKINIT pa-data -- PINOSO$(a)HH3.SITE Kerberos: Looking for ENC-TS pa-data -- PINOSO$(a)HH3.SITE Kerberos: No preauth found, returning PREAUTH-REQUIRED -- PINOSO$(a)HH3.SITE Kerberos: AS-REQ PINOSO$(a)HH3.SITE from ipv4:192.168.1.100:58454 for krbtgt/HH3.SITE(a)HH3.SITE Kerberos: Client sent patypes: encrypted-timestamp, 149 Kerberos: Looking for PKINIT pa-data -- PINOSO$(a)HH3.SITE Kerberos: Looking for ENC-TS pa-data -- PINOSO$(a)HH3.SITE Kerberos: ENC-TS Pre-authentication succeeded -- PINOSO$(a)HH3.SITE using arcfour-hmac-md5

Reply

steve

6 a.m.

Hi sssd seems to be sending the wrong request to the DNS server: (Thu May 9 12:57:04 2013) [sssd[be[default]]] [ad_dyndns_nsupdate_done] (0x0040): DNS update finished (Thu May 9 12:57:06 2013) [sssd[be[default]]] [resolv_gethostbyname_done] (0x0040): querying hosts database failed [5]: Error de entrada/salida (Thu May 9 12:57:06 2013) [sssd[be[default]]] [nsupdate_get_addrs_done] (0x0040): Could not resolve address for this machine, error [5]: Error de entrada/salida, resolver returned: [11]: Could not contact DNS servers (Thu May 9 12:57:06 2013) [sssd[be[default]]] [nsupdate_get_addrs_done] (0x0040): (Thu May 9 12:57:07 2013) [sssd] [sbus_dispatch] (0x0080): Connection is not open for dispatching. Kerberos: TGS-REQ PINOSO$(a)HH3.SITE from ipv4:192.168.1.21:35144 for DNS/a.root-servers.net(a)HH3.SITE [canonicalize, renewable] Kerberos: Searching referral for a.root-servers.net Kerberos: Returning a referral to realm ROOT-SERVERS.NET for server DNS/a.root-servers.net(a)HH3.SITE that was not found Failed find a single entry for (&(objectClass=trustedDomain)(|(flatname=ROOT-SERVERS.NET)(trustPartner=ROOT-SERVERS.NET))): got 0 Kerberos: samba_kdc_fetch: could not find principal in DB Kerberos: Server not found in database: krbtgt/ROOT-SERVERS.NET(a)HH3.SITE: no such entry found in hdb Kerberos: Failed building TGS-REP to ipv4:192.168.1.21:35144 Kerberos: TGS-REQ PINOSO$(a)HH3.SITE from ipv4:192.168.1.21:57031 for DNS/a.root-servers.net(a)HH3.SITE [renewable] Kerberos: Server not found in database: DNS/a.root-servers.net(a)HH3.SITE: no such entry found in hdb Kerberos: Failed building TGS-REP to ipv4:192.168.1.21:57031 It is querying DNS/a.root-servers(a)HH3.SITE We do not have that spn. Why doesn't it try DNS/hh16.hh3.site(a)HH3.SITE which we do have? Thanks Steve @Simo Could you confirm that this works against a Samba4 AD?

Reply

Jakub Hrozek

6:32 a.m.

On Thu, May 09, 2013 at 01:00:02PM +0200, steve wrote:

Hi sssd seems to be sending the wrong request to the DNS server: (Thu May 9 12:57:04 2013) [sssd[be[default]]] [ad_dyndns_nsupdate_done] (0x0040): DNS update finished (Thu May 9 12:57:06 2013) [sssd[be[default]]] [resolv_gethostbyname_done] (0x0040): querying hosts database failed [5]: Error de entrada/salida (Thu May 9 12:57:06 2013) [sssd[be[default]]] [nsupdate_get_addrs_done] (0x0040): Could not resolve address for this machine, error [5]: Error de entrada/salida, resolver returned: [11]: Could not contact DNS servers

The logs are telling you that the SSSD cannot resolve the machine's host name. Can you try overriding it with "ad_hostname" or adding the hostname to /ec/hosts ?

(Thu May 9 12:57:06 2013) [sssd[be[default]]] [nsupdate_get_addrs_done] (0x0040): (Thu May 9 12:57:07 2013) [sssd] [sbus_dispatch] (0x0080): Connection is not open for dispatching. Kerberos: TGS-REQ PINOSO$(a)HH3.SITE from ipv4:192.168.1.21:35144 for DNS/a.root-servers.net(a)HH3.SITE [canonicalize, renewable] Kerberos: Searching referral for a.root-servers.net Kerberos: Returning a referral to realm ROOT-SERVERS.NET for server DNS/a.root-servers.net(a)HH3.SITE that was not found Failed find a single entry for (&(objectClass=trustedDomain)(|(flatname=ROOT-SERVERS.NET)(trustPartner=ROOT-SERVERS.NET))): got 0 Kerberos: samba_kdc_fetch: could not find principal in DB Kerberos: Server not found in database: krbtgt/ROOT-SERVERS.NET(a)HH3.SITE: no such entry found in hdb Kerberos: Failed building TGS-REP to ipv4:192.168.1.21:35144 Kerberos: TGS-REQ PINOSO$(a)HH3.SITE from ipv4:192.168.1.21:57031 for DNS/a.root-servers.net(a)HH3.SITE [renewable] Kerberos: Server not found in database: DNS/a.root-servers.net(a)HH3.SITE: no such entry found in hdb Kerberos: Failed building TGS-REP to ipv4:192.168.1.21:57031 It is querying DNS/a.root-servers(a)HH3.SITE We do not have that spn. Why doesn't it try DNS/hh16.hh3.site(a)HH3.SITE which we do have? Thanks Steve

Where do these errors come from? I suspect this is actually nsupdate, not sssd. We simply call out nsupdate with GSS-TSIG.

Reply

steve

8:03 a.m.

On 09/05/13 13:32, Jakub Hrozek wrote:

On Thu, May 09, 2013 at 01:00:02PM +0200, steve wrote: > Hi > sssd seems to be sending the wrong request to the DNS server: > > (Thu May 9 12:57:04 2013) [sssd[be[default]]] > [ad_dyndns_nsupdate_done] (0x0040): DNS update finished > (Thu May 9 12:57:06 2013) [sssd[be[default]]] > [resolv_gethostbyname_done] (0x0040): querying hosts database failed > [5]: Error de entrada/salida > (Thu May 9 12:57:06 2013) [sssd[be[default]]] > [nsupdate_get_addrs_done] (0x0040): Could not resolve address for > this machine, error [5]: Error de entrada/salida, resolver returned: > [11]: Could not contact DNS servers The logs are telling you that the SSSD cannot resolve the machine's host name. Can you try overriding it with "ad_hostname" or adding the hostname to /ec/hosts ?

Hi I added: ad_hostname = pinoso.hh3.site to sssd.conf. It was already in /etc/hosts Now the request is sent and we can see it on the Samba4 DC: Tkey handshake completed Got a dns update request. update count is 1 Looking at record: discard_const(update): struct dns_res_rec name : 'pinoso.hh3.site' rr_type : DNS_QTYPE_A (0x1) rr_class : DNS_QCLASS_IN (0x1) ttl : 0x00000e10 (3600) length : 0x0004 (4) rdata : union dns_rdata(case 0x1) ipv4_record : 192.168.1.100 unexpected : DATA_BLOB length=0 Terminating connection - 'dns_tcp_call_loop: tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED' single_terminate: reason[dns_tcp_call_loop: tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED] Terminating connection - 'dns_tcp_call_loop: tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED' (Thu May 9 14:55:21 2013) [sssd[be[default]]] But the IP is not updated. We changed it from 192.168.1.100 to 192.168.1.101. It does update if we reboot the machine [sdap_dyndns_update_done] (0x0080): nsupdate failed, retrying with server name ; TSIG error with server: tsig verify failure ; TSIG error with server: tsig verify failure ; TSIG error with server: tsig verify failure update failed: SERVFAIL (Thu May 9 14:55:21 2013) [sssd[be[default]]] [child_sig_handler] (0x0020): child [1809] failed with status [2]. (Thu May 9 14:55:21 2013) [sssd[be[default]]] [nsupdate_child_handler] (0x0040): Dynamic DNS child failed with status [512] (Thu May 9 14:55:21 2013) [sssd[be[default]]] [be_nsupdate_done] (0x0040): nsupdate child execution failed [1432158226]: Dynamic DNS update failed (Thu May 9 14:55:21 2013) [sssd[be[default]]] [ad_dyndns_sdap_update_done] (0x0040): Dynamic DNS update failed [1432158226]: Dynamic DNS update failed (Thu May 9 14:55:21 2013) [sssd[be[default]]] [ad_dyndns_nsupdate_done] (0x0040): Updating DNS entry failed [1432158226]: Dynamic DNS update failed (Thu May 9 14:55:36 2013) [sssd[be[default]]] [ad_dyndns_nsupdate_done] (0x0040): DNS update finished (Thu May 9 14:55:52 2013) [sssd[be[default]]] [ad_dyndns_nsupdate_done] (0x0040): DNS update finished (Thu May 9 14:56:08 2013) [sssd[be[default]]] [ad_dyndns_nsupdate_done] (0x0040): DNS update finished

Reply

steve

8:28 a.m.

On 09/05/13 15:03, steve wrote:

On 09/05/13 13:32, Jakub Hrozek wrote: > On Thu, May 09, 2013 at 01:00:02PM +0200, steve wrote: >> Hi >> sssd seems to be sending the wrong request to the DNS server: >> >> (Thu May 9 12:57:04 2013) [sssd[be[default]]] >> [ad_dyndns_nsupdate_done] (0x0040): DNS update finished >> (Thu May 9 12:57:06 2013) [sssd[be[default]]] >> [resolv_gethostbyname_done] (0x0040): querying hosts database failed >> [5]: Error de entrada/salida >> (Thu May 9 12:57:06 2013) [sssd[be[default]]] >> [nsupdate_get_addrs_done] (0x0040): Could not resolve address for >> this machine, error [5]: Error de entrada/salida, resolver returned: >> [11]: Could not contact DNS servers > > The logs are telling you that the SSSD cannot resolve the machine's host > name. Can you try overriding it with "ad_hostname" or adding the > hostname to /ec/hosts ? Hi I added: ad_hostname = pinoso.hh3.site to sssd.conf. It was already in /etc/hosts Now the request is sent and we can see it on the Samba4 DC: Tkey handshake completed Got a dns update request. update count is 1 Looking at record: discard_const(update): struct dns_res_rec name : 'pinoso.hh3.site' rr_type : DNS_QTYPE_A (0x1) rr_class : DNS_QCLASS_IN (0x1) ttl : 0x00000e10 (3600) length : 0x0004 (4) rdata : union dns_rdata(case 0x1) ipv4_record : 192.168.1.100 unexpected : DATA_BLOB length=0 Terminating connection - 'dns_tcp_call_loop: tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED' single_terminate: reason[dns_tcp_call_loop: tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED] Terminating connection - 'dns_tcp_call_loop: tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED' (Thu May 9 14:55:21 2013) [sssd[be[default]]] But the IP is not updated. We changed it from 192.168.1.100 to 192.168.1.101. It does update if we reboot the machine [sdap_dyndns_update_done] (0x0080): nsupdate failed, retrying with server name ; TSIG error with server: tsig verify failure ; TSIG error with server: tsig verify failure ; TSIG error with server: tsig verify failure update failed: SERVFAIL (Thu May 9 14:55:21 2013) [sssd[be[default]]] [child_sig_handler] (0x0020): child [1809] failed with status [2]. (Thu May 9 14:55:21 2013) [sssd[be[default]]] [nsupdate_child_handler] (0x0040): Dynamic DNS child failed with status [512] (Thu May 9 14:55:21 2013) [sssd[be[default]]] [be_nsupdate_done] (0x0040): nsupdate child execution failed [1432158226]: Dynamic DNS update failed (Thu May 9 14:55:21 2013) [sssd[be[default]]] [ad_dyndns_sdap_update_done] (0x0040): Dynamic DNS update failed [1432158226]: Dynamic DNS update failed (Thu May 9 14:55:21 2013) [sssd[be[default]]] [ad_dyndns_nsupdate_done] (0x0040): Updating DNS entry failed [1432158226]: Dynamic DNS update failed (Thu May 9 14:55:36 2013) [sssd[be[default]]] [ad_dyndns_nsupdate_done] (0x0040): DNS update finished (Thu May 9 14:55:52 2013) [sssd[be[default]]] [ad_dyndns_nsupdate_done] (0x0040): DNS update finished (Thu May 9 14:56:08 2013) [sssd[be[default]]] [ad_dyndns_nsupdate_done] (0x0040): DNS update finished

It is sending the old IP. 101 is the old IP. We changed it to 100, restarted the network, removed the cache and restarted sssd: server hh16.hh3.site realm HH3.SITE update delete pinoso.hh3.site. in A send update delete pinoso.hh3.site. in AAAA send update add pinoso.hh3.site. 3600 in A 192.168.1.101 send We can only make it get the new IP by rebooting the client. Must we reboot each time? Thanks

Reply

steve

10:52 a.m.

On 09/05/13 15:28, steve wrote:

On 09/05/13 15:03, steve wrote: > On 09/05/13 13:32, Jakub Hrozek wrote: >> On Thu, May 09, 2013 at 01:00:02PM +0200, steve wrote: >>> Hi >>> sssd seems to be sending the wrong request to the DNS server: >>> >>> (Thu May 9 12:57:04 2013) [sssd[be[default]]] >>> [ad_dyndns_nsupdate_done] (0x0040): DNS update finished >>> (Thu May 9 12:57:06 2013) [sssd[be[default]]] >>> [resolv_gethostbyname_done] (0x0040): querying hosts database failed >>> [5]: Error de entrada/salida >>> (Thu May 9 12:57:06 2013) [sssd[be[default]]] >>> [nsupdate_get_addrs_done] (0x0040): Could not resolve address for >>> this machine, error [5]: Error de entrada/salida, resolver returned: >>> [11]: Could not contact DNS servers >> >> The logs are telling you that the SSSD cannot resolve the machine's host >> name. Can you try overriding it with "ad_hostname" or adding the >> hostname to /ec/hosts ? > > > Hi > I added: > ad_hostname = pinoso.hh3.site > to sssd.conf. It was already in /etc/hosts > > Now the request is sent and we can see it on the Samba4 DC: > > Tkey handshake completed > Got a dns update request. > update count is 1 > Looking at record: > discard_const(update): struct dns_res_rec > name : 'pinoso.hh3.site' > rr_type : DNS_QTYPE_A (0x1) > rr_class : DNS_QCLASS_IN (0x1) > ttl : 0x00000e10 (3600) > length : 0x0004 (4) > rdata : union dns_rdata(case 0x1) > ipv4_record : 192.168.1.100 > unexpected : DATA_BLOB length=0 > Terminating connection - 'dns_tcp_call_loop: > tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED' > single_terminate: reason[dns_tcp_call_loop: tstream_read_pdu_blob_recv() > - NT_STATUS_CONNECTION_DISCONNECTED] > Terminating connection - 'dns_tcp_call_loop: > tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED' > (Thu May 9 14:55:21 2013) [sssd[be[default]]] > > But the IP is not updated. We changed it from 192.168.1.100 to > 192.168.1.101. It does update if we reboot the machine > > [sdap_dyndns_update_done] (0x0080): nsupdate failed, retrying with > server name > ; TSIG error with server: tsig verify failure > ; TSIG error with server: tsig verify failure > ; TSIG error with server: tsig verify failure > update failed: SERVFAIL > (Thu May 9 14:55:21 2013) [sssd[be[default]]] [child_sig_handler] > (0x0020): child [1809] failed with status [2]. > (Thu May 9 14:55:21 2013) [sssd[be[default]]] [nsupdate_child_handler] > (0x0040): Dynamic DNS child failed with status [512] > (Thu May 9 14:55:21 2013) [sssd[be[default]]] [be_nsupdate_done] > (0x0040): nsupdate child execution failed [1432158226]: Dynamic DNS > update failed > (Thu May 9 14:55:21 2013) [sssd[be[default]]] > [ad_dyndns_sdap_update_done] (0x0040): Dynamic DNS update failed > [1432158226]: Dynamic DNS update failed > (Thu May 9 14:55:21 2013) [sssd[be[default]]] [ad_dyndns_nsupdate_done] > (0x0040): Updating DNS entry failed [1432158226]: Dynamic DNS update > failed > (Thu May 9 14:55:36 2013) [sssd[be[default]]] [ad_dyndns_nsupdate_done] > (0x0040): DNS update finished > (Thu May 9 14:55:52 2013) [sssd[be[default]]] [ad_dyndns_nsupdate_done] > (0x0040): DNS update finished > (Thu May 9 14:56:08 2013) [sssd[be[default]]] [ad_dyndns_nsupdate_done] > (0x0040): DNS update finished > It is sending the old IP. 101 is the old IP. We changed it to 100, restarted the network, removed the cache and restarted sssd: server hh16.hh3.site realm HH3.SITE update delete pinoso.hh3.site. in A send update delete pinoso.hh3.site. in AAAA send update add pinoso.hh3.site. 3600 in A 192.168.1.101 send We can only make it get the new IP by rebooting the client. Must we reboot each time? Thanks __

Hi OK. It's working fine, (but the TSIG errors are worrying). We don't really want to have to restart sssd after a dnydns update, so to make your test case at: https://fedoraproject.org/wiki/QA:Testcase_sssd_ad_dns_update a little more realistic, how about: e.g., using our lan IP's: Set the test client to static IP 192.168.1.100: ifconfig eth0 192.168.125.100 netmask 255.255.255.0 up domain user logs in and logs out Set the test client to static IP 192.168.1.101: ifconfig eth0 192.168.125.101 netmask 255.255.255.0 up domain user logs in check: the IP of the client has been updated The database always seems to be contacted upon login, not the cache. Is this the expected outcome of dyndns_update? Thanks for your help and a nice utility. Steve

Reply

Jakub Hrozek

11:28 a.m.

On Thu, May 09, 2013 at 03:28:25PM +0200, steve wrote:

On 09/05/13 15:03, steve wrote: >On 09/05/13 13:32, Jakub Hrozek wrote: >>On Thu, May 09, 2013 at 01:00:02PM +0200, steve wrote: >>>Hi >>>sssd seems to be sending the wrong request to the DNS server: >>> >>>(Thu May 9 12:57:04 2013) [sssd[be[default]]] >>>[ad_dyndns_nsupdate_done] (0x0040): DNS update finished >>>(Thu May 9 12:57:06 2013) [sssd[be[default]]] >>>[resolv_gethostbyname_done] (0x0040): querying hosts database failed >>>[5]: Error de entrada/salida >>>(Thu May 9 12:57:06 2013) [sssd[be[default]]] >>>[nsupdate_get_addrs_done] (0x0040): Could not resolve address for >>>this machine, error [5]: Error de entrada/salida, resolver returned: >>>[11]: Could not contact DNS servers >> >>The logs are telling you that the SSSD cannot resolve the machine's host >>name. Can you try overriding it with "ad_hostname" or adding the >>hostname to /ec/hosts ? > > >Hi >I added: >ad_hostname = pinoso.hh3.site >to sssd.conf. It was already in /etc/hosts > >Now the request is sent and we can see it on the Samba4 DC: > >Tkey handshake completed >Got a dns update request. >update count is 1 >Looking at record: > discard_const(update): struct dns_res_rec > name : 'pinoso.hh3.site' > rr_type : DNS_QTYPE_A (0x1) > rr_class : DNS_QCLASS_IN (0x1) > ttl : 0x00000e10 (3600) > length : 0x0004 (4) > rdata : union dns_rdata(case 0x1) > ipv4_record : 192.168.1.100 > unexpected : DATA_BLOB length=0 >Terminating connection - 'dns_tcp_call_loop: >tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED' >single_terminate: reason[dns_tcp_call_loop: tstream_read_pdu_blob_recv() >- NT_STATUS_CONNECTION_DISCONNECTED] >Terminating connection - 'dns_tcp_call_loop: >tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED' >(Thu May 9 14:55:21 2013) [sssd[be[default]]] > >But the IP is not updated. We changed it from 192.168.1.100 to >192.168.1.101. It does update if we reboot the machine > >[sdap_dyndns_update_done] (0x0080): nsupdate failed, retrying with >server name >; TSIG error with server: tsig verify failure >; TSIG error with server: tsig verify failure >; TSIG error with server: tsig verify failure >update failed: SERVFAIL >(Thu May 9 14:55:21 2013) [sssd[be[default]]] [child_sig_handler] >(0x0020): child [1809] failed with status [2]. >(Thu May 9 14:55:21 2013) [sssd[be[default]]] [nsupdate_child_handler] >(0x0040): Dynamic DNS child failed with status [512] >(Thu May 9 14:55:21 2013) [sssd[be[default]]] [be_nsupdate_done] >(0x0040): nsupdate child execution failed [1432158226]: Dynamic DNS >update failed >(Thu May 9 14:55:21 2013) [sssd[be[default]]] >[ad_dyndns_sdap_update_done] (0x0040): Dynamic DNS update failed >[1432158226]: Dynamic DNS update failed >(Thu May 9 14:55:21 2013) [sssd[be[default]]] [ad_dyndns_nsupdate_done] >(0x0040): Updating DNS entry failed [1432158226]: Dynamic DNS update failed >(Thu May 9 14:55:36 2013) [sssd[be[default]]] [ad_dyndns_nsupdate_done] >(0x0040): DNS update finished >(Thu May 9 14:55:52 2013) [sssd[be[default]]] [ad_dyndns_nsupdate_done] >(0x0040): DNS update finished >(Thu May 9 14:56:08 2013) [sssd[be[default]]] [ad_dyndns_nsupdate_done] >(0x0040): DNS update finished > It is sending the old IP. 101 is the old IP. We changed it to 100, restarted the network, removed the cache and restarted sssd:

If you restarted the SSSD, then it *should* pick up the new address. There are two ways a client can learn what IP address to use for dynamic DNS update: 1) retrieve the address automatically from the socket that is used to connect to the LDAP server. This is the default. 2) You can set the dyndns_iface option to name of an interface and then all addresses from that interface will be used during the update. I presume you are using 1), then without SSSD restart the old address might still be read from the socket I guess, but since you say you restarted the sssd, then I would expect it to pick up a new address. Does this client use DHCP or only static addresses? Any chance the DHCP server might clobber the new address you set?

server hh16.hh3.site realm HH3.SITE update delete pinoso.hh3.site. in A send update delete pinoso.hh3.site. in AAAA send update add pinoso.hh3.site. 3600 in A 192.168.1.101 send We can only make it get the new IP by rebooting the client. Must we reboot each time? Thanks

Reply

steve

11:36 a.m.

On 09/05/13 18:28, Jakub Hrozek wrote:

On Thu, May 09, 2013 at 03:28:25PM +0200, steve wrote: > On 09/05/13 15:03, steve wrote: >> On 09/05/13 13:32, Jakub Hrozek wrote: >>> On Thu, May 09, 2013 at 01:00:02PM +0200, steve wrote: >>>> Hi >>>> sssd seems to be sending the wrong request to the DNS server: >>>> >>>> (Thu May 9 12:57:04 2013) [sssd[be[default]]] >>>> [ad_dyndns_nsupdate_done] (0x0040): DNS update finished >>>> (Thu May 9 12:57:06 2013) [sssd[be[default]]] >>>> [resolv_gethostbyname_done] (0x0040): querying hosts database failed >>>> [5]: Error de entrada/salida >>>> (Thu May 9 12:57:06 2013) [sssd[be[default]]] >>>> [nsupdate_get_addrs_done] (0x0040): Could not resolve address for >>>> this machine, error [5]: Error de entrada/salida, resolver returned: >>>> [11]: Could not contact DNS servers >>> >>> The logs are telling you that the SSSD cannot resolve the machine's host >>> name. Can you try overriding it with "ad_hostname" or adding the >>> hostname to /ec/hosts ? >> >> >> Hi >> I added: >> ad_hostname = pinoso.hh3.site >> to sssd.conf. It was already in /etc/hosts >> >> Now the request is sent and we can see it on the Samba4 DC: >> >> Tkey handshake completed >> Got a dns update request. >> update count is 1 >> Looking at record: >> discard_const(update): struct dns_res_rec >> name : 'pinoso.hh3.site' >> rr_type : DNS_QTYPE_A (0x1) >> rr_class : DNS_QCLASS_IN (0x1) >> ttl : 0x00000e10 (3600) >> length : 0x0004 (4) >> rdata : union dns_rdata(case 0x1) >> ipv4_record : 192.168.1.100 >> unexpected : DATA_BLOB length=0 >> Terminating connection - 'dns_tcp_call_loop: >> tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED' >> single_terminate: reason[dns_tcp_call_loop: tstream_read_pdu_blob_recv() >> - NT_STATUS_CONNECTION_DISCONNECTED] >> Terminating connection - 'dns_tcp_call_loop: >> tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED' >> (Thu May 9 14:55:21 2013) [sssd[be[default]]] >> >> But the IP is not updated. We changed it from 192.168.1.100 to >> 192.168.1.101. It does update if we reboot the machine >> >> [sdap_dyndns_update_done] (0x0080): nsupdate failed, retrying with >> server name >> ; TSIG error with server: tsig verify failure >> ; TSIG error with server: tsig verify failure >> ; TSIG error with server: tsig verify failure >> update failed: SERVFAIL >> (Thu May 9 14:55:21 2013) [sssd[be[default]]] [child_sig_handler] >> (0x0020): child [1809] failed with status [2]. >> (Thu May 9 14:55:21 2013) [sssd[be[default]]] [nsupdate_child_handler] >> (0x0040): Dynamic DNS child failed with status [512] >> (Thu May 9 14:55:21 2013) [sssd[be[default]]] [be_nsupdate_done] >> (0x0040): nsupdate child execution failed [1432158226]: Dynamic DNS >> update failed >> (Thu May 9 14:55:21 2013) [sssd[be[default]]] >> [ad_dyndns_sdap_update_done] (0x0040): Dynamic DNS update failed >> [1432158226]: Dynamic DNS update failed >> (Thu May 9 14:55:21 2013) [sssd[be[default]]] [ad_dyndns_nsupdate_done] >> (0x0040): Updating DNS entry failed [1432158226]: Dynamic DNS update failed >> (Thu May 9 14:55:36 2013) [sssd[be[default]]] [ad_dyndns_nsupdate_done] >> (0x0040): DNS update finished >> (Thu May 9 14:55:52 2013) [sssd[be[default]]] [ad_dyndns_nsupdate_done] >> (0x0040): DNS update finished >> (Thu May 9 14:56:08 2013) [sssd[be[default]]] [ad_dyndns_nsupdate_done] >> (0x0040): DNS update finished >> > > It is sending the old IP. 101 is the old IP. We changed it to 100, > restarted the network, removed the cache and restarted sssd: > If you restarted the SSSD, then it *should* pick up the new address. There are two ways a client can learn what IP address to use for dynamic DNS update: 1) retrieve the address automatically from the socket that is used to connect to the LDAP server. This is the default. 2) You can set the dyndns_iface option to name of an interface and then all addresses from that interface will be used during the update. I presume you are using 1), then without SSSD restart the old address might still be read from the socket I guess, but since you say you restarted the sssd, then I would expect it to pick up a new address. Does this client use DHCP or only static addresses? Any chance the DHCP server might clobber the new address you set?

Hi This works: Start sssd set the IP login and out as ad user change the IP login again sssd consults the server and the IP is updated. Perfect! Works with both static and dhcp IP changes. I've no idea why but it's good enough for us. When will the beta go oficially stable? (I'm not allowed beta in production). Cheers, Steve

Reply

steve

11:56 a.m.

On 09/05/13 18:36, steve wrote:

On 09/05/13 18:28, Jakub Hrozek wrote: > On Thu, May 09, 2013 at 03:28:25PM +0200, steve wrote: >> On 09/05/13 15:03, steve wrote: >>> On 09/05/13 13:32, Jakub Hrozek wrote: >>>> On Thu, May 09, 2013 at 01:00:02PM +0200, steve wrote: >>>>> Hi >>>>> sssd seems to be sending the wrong request to the DNS server: >>>>> >>>>> (Thu May 9 12:57:04 2013) [sssd[be[default]]] >>>>> [ad_dyndns_nsupdate_done] (0x0040): DNS update finished >>>>> (Thu May 9 12:57:06 2013) [sssd[be[default]]] >>>>> [resolv_gethostbyname_done] (0x0040): querying hosts database failed >>>>> [5]: Error de entrada/salida >>>>> (Thu May 9 12:57:06 2013) [sssd[be[default]]] >>>>> [nsupdate_get_addrs_done] (0x0040): Could not resolve address for >>>>> this machine, error [5]: Error de entrada/salida, resolver returned: >>>>> [11]: Could not contact DNS servers >>>> >>>> The logs are telling you that the SSSD cannot resolve the machine's >>>> host >>>> name. Can you try overriding it with "ad_hostname" or adding the >>>> hostname to /ec/hosts ? >>> >>> >>> Hi >>> I added: >>> ad_hostname = pinoso.hh3.site >>> to sssd.conf. It was already in /etc/hosts >>> >>> Now the request is sent and we can see it on the Samba4 DC: >>> >>> Tkey handshake completed >>> Got a dns update request. >>> update count is 1 >>> Looking at record: >>> discard_const(update): struct dns_res_rec >>> name : 'pinoso.hh3.site' >>> rr_type : DNS_QTYPE_A (0x1) >>> rr_class : DNS_QCLASS_IN (0x1) >>> ttl : 0x00000e10 (3600) >>> length : 0x0004 (4) >>> rdata : union dns_rdata(case 0x1) >>> ipv4_record : 192.168.1.100 >>> unexpected : DATA_BLOB length=0 >>> Terminating connection - 'dns_tcp_call_loop: >>> tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED' >>> single_terminate: reason[dns_tcp_call_loop: >>> tstream_read_pdu_blob_recv() >>> - NT_STATUS_CONNECTION_DISCONNECTED] >>> Terminating connection - 'dns_tcp_call_loop: >>> tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED' >>> (Thu May 9 14:55:21 2013) [sssd[be[default]]] >>> >>> But the IP is not updated. We changed it from 192.168.1.100 to >>> 192.168.1.101. It does update if we reboot the machine >>> >>> [sdap_dyndns_update_done] (0x0080): nsupdate failed, retrying with >>> server name >>> ; TSIG error with server: tsig verify failure >>> ; TSIG error with server: tsig verify failure >>> ; TSIG error with server: tsig verify failure >>> update failed: SERVFAIL >>> (Thu May 9 14:55:21 2013) [sssd[be[default]]] [child_sig_handler] >>> (0x0020): child [1809] failed with status [2]. >>> (Thu May 9 14:55:21 2013) [sssd[be[default]]] [nsupdate_child_handler] >>> (0x0040): Dynamic DNS child failed with status [512] >>> (Thu May 9 14:55:21 2013) [sssd[be[default]]] [be_nsupdate_done] >>> (0x0040): nsupdate child execution failed [1432158226]: Dynamic DNS >>> update failed >>> (Thu May 9 14:55:21 2013) [sssd[be[default]]] >>> [ad_dyndns_sdap_update_done] (0x0040): Dynamic DNS update failed >>> [1432158226]: Dynamic DNS update failed >>> (Thu May 9 14:55:21 2013) [sssd[be[default]]] >>> [ad_dyndns_nsupdate_done] >>> (0x0040): Updating DNS entry failed [1432158226]: Dynamic DNS update >>> failed >>> (Thu May 9 14:55:36 2013) [sssd[be[default]]] >>> [ad_dyndns_nsupdate_done] >>> (0x0040): DNS update finished >>> (Thu May 9 14:55:52 2013) [sssd[be[default]]] >>> [ad_dyndns_nsupdate_done] >>> (0x0040): DNS update finished >>> (Thu May 9 14:56:08 2013) [sssd[be[default]]] >>> [ad_dyndns_nsupdate_done] >>> (0x0040): DNS update finished >>> >> >> It is sending the old IP. 101 is the old IP. We changed it to 100, >> restarted the network, removed the cache and restarted sssd: >> > > If you restarted the SSSD, then it *should* pick up the new address. > > There are two ways a client can learn what IP address to use for > dynamic DNS update: > 1) retrieve the address automatically from the socket that is used > to connect to the LDAP server. This is the default. > 2) You can set the dyndns_iface option to name of an interface and > then all addresses from that interface will be used during the > update. > I presume you are using 1), then without SSSD restart the old address > might still be read from the socket I guess, but since you say you > restarted the sssd, then I would expect it to pick up a new address. > > Does this client use DHCP or only static addresses? Any chance the DHCP > server might clobber the new address you set? > Hi This works: Start sssd set the IP login and out as ad user change the IP login again sssd consults the server and the IP is updated. Perfect! Works with both static and dhcp IP changes.

Sorry. Only works with static IP changes. What would we do to get it working for dhcp too?

Reply

steve

12:08 p.m.

On 09/05/13 18:56, steve wrote:

On 09/05/13 18:36, steve wrote: > On 09/05/13 18:28, Jakub Hrozek wrote: >> On Thu, May 09, 2013 at 03:28:25PM +0200, steve wrote: >>> On 09/05/13 15:03, steve wrote: >>>> On 09/05/13 13:32, Jakub Hrozek wrote: >>>>> On Thu, May 09, 2013 at 01:00:02PM +0200, steve wrote: >>>>>> Hi >>>>>> sssd seems to be sending the wrong request to the DNS server: >>>>>> >>>>>> (Thu May 9 12:57:04 2013) [sssd[be[default]]] >>>>>> [ad_dyndns_nsupdate_done] (0x0040): DNS update finished >>>>>> (Thu May 9 12:57:06 2013) [sssd[be[default]]] >>>>>> [resolv_gethostbyname_done] (0x0040): querying hosts database failed >>>>>> [5]: Error de entrada/salida >>>>>> (Thu May 9 12:57:06 2013) [sssd[be[default]]] >>>>>> [nsupdate_get_addrs_done] (0x0040): Could not resolve address for >>>>>> this machine, error [5]: Error de entrada/salida, resolver returned: >>>>>> [11]: Could not contact DNS servers >>>>> >>>>> The logs are telling you that the SSSD cannot resolve the machine's >>>>> host >>>>> name. Can you try overriding it with "ad_hostname" or adding the >>>>> hostname to /ec/hosts ? >>>> >>>> >>>> Hi >>>> I added: >>>> ad_hostname = pinoso.hh3.site >>>> to sssd.conf. It was already in /etc/hosts >>>> >>>> Now the request is sent and we can see it on the Samba4 DC: >>>> >>>> Tkey handshake completed >>>> Got a dns update request. >>>> update count is 1 >>>> Looking at record: >>>> discard_const(update): struct dns_res_rec >>>> name : 'pinoso.hh3.site' >>>> rr_type : DNS_QTYPE_A (0x1) >>>> rr_class : DNS_QCLASS_IN (0x1) >>>> ttl : 0x00000e10 (3600) >>>> length : 0x0004 (4) >>>> rdata : union dns_rdata(case 0x1) >>>> ipv4_record : 192.168.1.100 >>>> unexpected : DATA_BLOB length=0 >>>> Terminating connection - 'dns_tcp_call_loop: >>>> tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED' >>>> single_terminate: reason[dns_tcp_call_loop: >>>> tstream_read_pdu_blob_recv() >>>> - NT_STATUS_CONNECTION_DISCONNECTED] >>>> Terminating connection - 'dns_tcp_call_loop: >>>> tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED' >>>> (Thu May 9 14:55:21 2013) [sssd[be[default]]] >>>> >>>> But the IP is not updated. We changed it from 192.168.1.100 to >>>> 192.168.1.101. It does update if we reboot the machine >>>> >>>> [sdap_dyndns_update_done] (0x0080): nsupdate failed, retrying with >>>> server name >>>> ; TSIG error with server: tsig verify failure >>>> ; TSIG error with server: tsig verify failure >>>> ; TSIG error with server: tsig verify failure >>>> update failed: SERVFAIL >>>> (Thu May 9 14:55:21 2013) [sssd[be[default]]] [child_sig_handler] >>>> (0x0020): child [1809] failed with status [2]. >>>> (Thu May 9 14:55:21 2013) [sssd[be[default]]] >>>> [nsupdate_child_handler] >>>> (0x0040): Dynamic DNS child failed with status [512] >>>> (Thu May 9 14:55:21 2013) [sssd[be[default]]] [be_nsupdate_done] >>>> (0x0040): nsupdate child execution failed [1432158226]: Dynamic DNS >>>> update failed >>>> (Thu May 9 14:55:21 2013) [sssd[be[default]]] >>>> [ad_dyndns_sdap_update_done] (0x0040): Dynamic DNS update failed >>>> [1432158226]: Dynamic DNS update failed >>>> (Thu May 9 14:55:21 2013) [sssd[be[default]]] >>>> [ad_dyndns_nsupdate_done] >>>> (0x0040): Updating DNS entry failed [1432158226]: Dynamic DNS update >>>> failed >>>> (Thu May 9 14:55:36 2013) [sssd[be[default]]] >>>> [ad_dyndns_nsupdate_done] >>>> (0x0040): DNS update finished >>>> (Thu May 9 14:55:52 2013) [sssd[be[default]]] >>>> [ad_dyndns_nsupdate_done] >>>> (0x0040): DNS update finished >>>> (Thu May 9 14:56:08 2013) [sssd[be[default]]] >>>> [ad_dyndns_nsupdate_done] >>>> (0x0040): DNS update finished >>>> >>> >>> It is sending the old IP. 101 is the old IP. We changed it to 100, >>> restarted the network, removed the cache and restarted sssd: >>> >> >> If you restarted the SSSD, then it *should* pick up the new address. >> >> There are two ways a client can learn what IP address to use for >> dynamic DNS update: >> 1) retrieve the address automatically from the socket that is used >> to connect to the LDAP server. This is the default. >> 2) You can set the dyndns_iface option to name of an interface and >> then all addresses from that interface will be used during the >> update. >> I presume you are using 1), then without SSSD restart the old address >> might still be read from the socket I guess, but since you say you >> restarted the sssd, then I would expect it to pick up a new address. >> >> Does this client use DHCP or only static addresses? Any chance the DHCP >> server might clobber the new address you set? >> > > Hi > This works: > Start sssd > set the IP > login and out as ad user > change the IP > login again > sssd consults the server and the IP is updated. Perfect! > > Works with both static and dhcp IP changes. Sorry. Only works with static IP changes. What would we do to get it working for dhcp too?

Anything easier (automatic even) than: sudo dhclient -r sudo dhclient eth0

Reply

Jakub Hrozek

12:57 p.m.

On Thu, May 09, 2013 at 07:08:30PM +0200, steve wrote:

On 09/05/13 18:56, steve wrote: >On 09/05/13 18:36, steve wrote: >>On 09/05/13 18:28, Jakub Hrozek wrote: >>>On Thu, May 09, 2013 at 03:28:25PM +0200, steve wrote: >>>>On 09/05/13 15:03, steve wrote: >>>>>On 09/05/13 13:32, Jakub Hrozek wrote: >>>>>>On Thu, May 09, 2013 at 01:00:02PM +0200, steve wrote: >>>>>>>Hi >>>>>>>sssd seems to be sending the wrong request to the DNS server: >>>>>>> >>>>>>>(Thu May 9 12:57:04 2013) [sssd[be[default]]] >>>>>>>[ad_dyndns_nsupdate_done] (0x0040): DNS update finished >>>>>>>(Thu May 9 12:57:06 2013) [sssd[be[default]]] >>>>>>>[resolv_gethostbyname_done] (0x0040): querying hosts database failed >>>>>>>[5]: Error de entrada/salida >>>>>>>(Thu May 9 12:57:06 2013) [sssd[be[default]]] >>>>>>>[nsupdate_get_addrs_done] (0x0040): Could not resolve address for >>>>>>>this machine, error [5]: Error de entrada/salida, resolver returned: >>>>>>>[11]: Could not contact DNS servers >>>>>> >>>>>>The logs are telling you that the SSSD cannot resolve the machine's >>>>>>host >>>>>>name. Can you try overriding it with "ad_hostname" or adding the >>>>>>hostname to /ec/hosts ? >>>>> >>>>> >>>>>Hi >>>>>I added: >>>>>ad_hostname = pinoso.hh3.site >>>>>to sssd.conf. It was already in /etc/hosts >>>>> >>>>>Now the request is sent and we can see it on the Samba4 DC: >>>>> >>>>>Tkey handshake completed >>>>>Got a dns update request. >>>>>update count is 1 >>>>>Looking at record: >>>>> discard_const(update): struct dns_res_rec >>>>> name : 'pinoso.hh3.site' >>>>> rr_type : DNS_QTYPE_A (0x1) >>>>> rr_class : DNS_QCLASS_IN (0x1) >>>>> ttl : 0x00000e10 (3600) >>>>> length : 0x0004 (4) >>>>> rdata : union dns_rdata(case 0x1) >>>>> ipv4_record : 192.168.1.100 >>>>> unexpected : DATA_BLOB length=0 >>>>>Terminating connection - 'dns_tcp_call_loop: >>>>>tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED' >>>>>single_terminate: reason[dns_tcp_call_loop: >>>>>tstream_read_pdu_blob_recv() >>>>>- NT_STATUS_CONNECTION_DISCONNECTED] >>>>>Terminating connection - 'dns_tcp_call_loop: >>>>>tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED' >>>>>(Thu May 9 14:55:21 2013) [sssd[be[default]]] >>>>> >>>>>But the IP is not updated. We changed it from 192.168.1.100 to >>>>>192.168.1.101. It does update if we reboot the machine >>>>> >>>>>[sdap_dyndns_update_done] (0x0080): nsupdate failed, retrying with >>>>>server name >>>>>; TSIG error with server: tsig verify failure >>>>>; TSIG error with server: tsig verify failure >>>>>; TSIG error with server: tsig verify failure >>>>>update failed: SERVFAIL >>>>>(Thu May 9 14:55:21 2013) [sssd[be[default]]] [child_sig_handler] >>>>>(0x0020): child [1809] failed with status [2]. >>>>>(Thu May 9 14:55:21 2013) [sssd[be[default]]] >>>>>[nsupdate_child_handler] >>>>>(0x0040): Dynamic DNS child failed with status [512] >>>>>(Thu May 9 14:55:21 2013) [sssd[be[default]]] [be_nsupdate_done] >>>>>(0x0040): nsupdate child execution failed [1432158226]: Dynamic DNS >>>>>update failed >>>>>(Thu May 9 14:55:21 2013) [sssd[be[default]]] >>>>>[ad_dyndns_sdap_update_done] (0x0040): Dynamic DNS update failed >>>>>[1432158226]: Dynamic DNS update failed >>>>>(Thu May 9 14:55:21 2013) [sssd[be[default]]] >>>>>[ad_dyndns_nsupdate_done] >>>>>(0x0040): Updating DNS entry failed [1432158226]: Dynamic DNS update >>>>>failed >>>>>(Thu May 9 14:55:36 2013) [sssd[be[default]]] >>>>>[ad_dyndns_nsupdate_done] >>>>>(0x0040): DNS update finished >>>>>(Thu May 9 14:55:52 2013) [sssd[be[default]]] >>>>>[ad_dyndns_nsupdate_done] >>>>>(0x0040): DNS update finished >>>>>(Thu May 9 14:56:08 2013) [sssd[be[default]]] >>>>>[ad_dyndns_nsupdate_done] >>>>>(0x0040): DNS update finished >>>>> >>>> >>>>It is sending the old IP. 101 is the old IP. We changed it to 100, >>>>restarted the network, removed the cache and restarted sssd: >>>> >>> >>>If you restarted the SSSD, then it *should* pick up the new address. >>> >>>There are two ways a client can learn what IP address to use for >>>dynamic DNS update: >>> 1) retrieve the address automatically from the socket that is used >>> to connect to the LDAP server. This is the default. >>> 2) You can set the dyndns_iface option to name of an interface and >>> then all addresses from that interface will be used during the >>> update. >>>I presume you are using 1), then without SSSD restart the old address >>>might still be read from the socket I guess, but since you say you >>>restarted the sssd, then I would expect it to pick up a new address. >>> >>>Does this client use DHCP or only static addresses? Any chance the DHCP >>>server might clobber the new address you set? >>> >> >>Hi >>This works: >>Start sssd >>set the IP >>login and out as ad user >>change the IP >>login again >>sssd consults the server and the IP is updated. Perfect! >>

A little more explanation -- there are two ways the client performs the update: 1) when the back end transitions from "offline" to "online" state 2) Periodically. Currently the dyndns_refresh_interval option defaults to 86400 seconds (24 hours). You can simulate the online transition by sending SIGUSR1 to the SSSD to tell it to go offline, then SIGUSR2 to go back online. See man sssd(8) for more info on the signals.

>>Works with both static and dhcp IP changes. > >Sorry. Only works with static IP changes. What would we do to get it >working for dhcp too? Anything easier (automatic even) than: sudo dhclient -r sudo dhclient eth0

Do you know if the client picked the new address from DHCP? (the syslog would tell I guess). If you need to renew the lease, then maybe it was still using the old address?

Reply

Jakub Hrozek

12:58 p.m.

On Thu, May 09, 2013 at 06:36:34PM +0200, steve wrote:

When will the beta go oficially stable? (I'm not allowed beta in production). Cheers, Steve

I would say four to six weeks from now (mid to end of June). Right now, it's really a beta and there are inevitably bugs as the features and patches are still flowing in.

Reply

Jakub Hrozek

6:37 a.m.

On Thu, May 09, 2013 at 12:00:46PM +0200, steve wrote:

On 09/05/13 11:26, Jakub Hrozek wrote: >On Thu, May 09, 2013 at 08:34:50AM +0200, steve wrote: >>On 08/05/13 23:53, Lukas Slebodnik wrote: >>>On (08/05/13 22:46), steve wrote: >>>>Hi >>>>We have 1.10.0beta1 on lubuntu 13.04 >>>> >>>>We have added >>>>dyndns_update=true >>>>dyndns_refresh=1 >>>>to sssd.conf >>>> >>>>We expect to see an update request after 1 minute, but nothing >>>>happens. Are we correct to expect this behaviour? >>>> >>>>Cheers, >>>>Steve >>> >>> From manual page "sssd-ad" >>> >>> dyndns_refresh_interval (integer) >>> How often should the back end perform periodic DNS update in >>> addition to the automatic update performed when the back end >>> goes online. This option is optional and applicable only >>> when dyndns_update is true. >>> >>> Default: 86400 (24 hours) >>> >>>It is not explicitelly written, but you could noticed, >>>that default value is in seconds. (86400 seconds == 24 hours) >>> >>Hi. Thanks. I changed it to: >>dyndns_update=true >>dyndns_refresh=60 >> >>No DNS request is made. We have a Samba4 dc which accepts dns >>requests from the windows clients so it seems to be working. I have >>set the log level to 6 but nothing gets logged. I'm looking in: >>/usr/local/var/log/sssd, /var/log/sssd >> >>It's starting OK and getent and user logins work fine, just not the >>dns update requests. >>sudo sssd -i -d3 >>(Thu May 9 08:25:32 2013) [sssd[be[default]]] >>[sssm_simple_access_init] (0x0040): No rules supplied for simple >>access provider. Access will be granted for all users. >>(Thu May 9 08:25:32 2013) [sssd[be[default]]] [be_process_init] >>(0x0080): No SUDO module provided for [default] !! >>(Thu May 9 08:25:32 2013) [sssd[be[default]]] [be_process_init] >>(0x0020): No selinux module provided for [default] !! >>(Thu May 9 08:25:32 2013) [sssd[be[default]]] [be_process_init] >>(0x0020): No host info module provided for [default] !! >>(Thu May 9 08:25:32 2013) [sssd[be[default]]] [be_process_init] >>(0x0020): Subdomains are not supported for [default] !! >> >>Here is our sssd.conf. What are we missing to be able to trigger the >>dns update requests? >>[sssd] >>debug_level = 6 >>services = nss, pam >>config_file_version = 2 >>domains = default >> >>[nss] >> >>[pam] >> >>[domain/default] >>debug_level=6 >>dyndns_update=true >>dyndns_refresh_interval=60 >>ldap_schema = rfc2307bis >>access_provider = simple >>enumerate = FALSE >>cache_credentials = true >>#entry_cache_timeout = 60 >>id_provider = ldap > >^^^^ > >Currently the dyndns updates are only supported with id_provider=ad or >id_provider=ipa > >Since you're using the POSIX attributes, you'd want to configure a >domain similar to: > >id_provider = ad >ad_server = hh16.hh3.site >ad_domain = HH3.SITE >ldap_id_mapping = False > Hi OK. Changed that but then sssd crashes after the first DNS update and no update is performed: sudo sssd -i -d3 (Thu May 9 11:55:25 2013) [sssd[be[default]]] [sssm_simple_access_init] (0x0040): No rules supplied for simple access provider. Access will be granted for all users. (Thu May 9 11:55:25 2013) [sssd[be[default]]] [be_process_init] (0x0080): No SUDO module provided for [default] !! (Thu May 9 11:55:25 2013) [sssd[be[default]]] [be_process_init] (0x0080): No autofs module provided for [default] !! (Thu May 9 11:55:25 2013) [sssd[be[default]]] [be_process_init] (0x0020): No selinux module provided for [default] !! (Thu May 9 11:55:25 2013) [sssd[be[default]]] [be_process_init] (0x0020): No host info module provided for [default] !! (Thu May 9 11:55:25 2013) [sssd[be[default]]] [be_process_init] (0x0020): Subdomains are not supported for [default] !! (Thu May 9 11:55:41 2013) [sssd[be[default]]] [be_run_online_cb] (0x0080): Going online. Running callbacks. (Thu May 9 11:55:41 2013) [sssd[be[default]]] [ad_dyndns_nsupdate_done] (0x0040): DNS update finished (Thu May 9 11:55:43 2013) [sssd[be[default]]] [resolv_gethostbyname_done] (0x0040): querying hosts database failed [5]: Error de entrada/salida (Thu May 9 11:55:43 2013) [sssd[be[default]]] [nsupdate_get_addrs_done] (0x0040): Could not resolve address for this machine, error [5]: Error de entrada/salida, resolver returned: [11]: Could not contact DNS servers (Thu May 9 11:55:43 2013) [sssd[be[default]]] [nsupdate_get_addrs_done] (0x0040): (Thu May 9 11:55:44 2013) [sssd] [sbus_dispatch] (0x0080): Connection is not open for dispatching. (Thu May 9 11:55:44 2013) [sssd[nss]] [sbus_dispatch] (0x0020): Performing auto-reconnect (Thu May 9 11:55:44 2013) [sssd[pam]] [sbus_dispatch] (0x0020): Performing auto-reconnect (Thu May 9 11:55:44 2013) [sssd] [mt_svc_exit_handler] (0x0040): Child [default] terminated with signal [11]

Oof, I suspect we don't handle the situation where we can't get the machine host name well: https://fedorahosted.org/sssd/ticket/1913 Can you get us a backtrace, please?

Reply

4003

days inactive

4004

days old

sssd-devel@lists.fedorahosted.org

Manage subscription

16 comments

3 participants

tags (0)

participants (3)

Jakub Hrozek
Lukas Slebodnik
steve